I am excited to propose a talk for Opensource Day on the topic of "Policy as Code: A Game-changer for Stack Security."

I will begin the talk with discussing the role of Policy-as-Code in enhancing the security of modern application stacks, and how it can be used to enforce compliance, automate security processes, and improve overall security posture.

Policy-as-Code is a powerful approach to defining and enforcing security policies and practices in an automated and consistent way. By using code to define and enforce policies, organizations can ensure that their security practices are consistently applied and maintained over time. This can help to prevent errors and mistakes that can compromise security, and can make it easier to detect and respond to potential security threats.

In this talk, I will provide an overview of Policy-as-Code and how it can be used to improve stack security, starting from the bottom of your stack - the Infrastructure layer and climbing up to the top with policy as code as part of the Application layer.

Furthermore, I will also discuss best practices for implementing policy as code, including using Open-source tools such Datree, OPA and OPAL, the best practices of using policy as code in your Kubernetes clusters, and the emergence of GitOps as the modern way of implementing “Everything-as-Code” in 2023.

Considering the evolving trends in DevOps, this topic is highly relevant, and I am confident that my experience and expertise in stack security will give the DevOpsDays Birmingham attendees crucial knowledge and useful best-practices for securing their stack.

Thank you for considering this proposal.

Sincerely,
Raz Cohen, DevOps Team Lead @ Permit.io